Bug 670388 - <dev-db/mariadb-{10.0.37,10.1.37,10.3.11}: multiple vulnerabilities (Nov 2018)
Summary: <dev-db/mariadb-{10.0.37,10.1.37,10.3.11}: multiple vulnerabilities (Nov 2018)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://mariadb.com/kb/en/library/sec...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-05 19:48 UTC by Brian Evans (RETIRED)
Modified: 2019-08-18 02:29 UTC

See Also:
Package list:
dev-db/mariadb-10.1.37
Runtime testing required: ---
stable-bot: sanity-check+


Description Brian Evans (RETIRED) gentoo-dev 2018-11-05 19:48:18 UTC
CVE-2018-3284: MariaDB 10.2.19
CVE-2018-3282: MariaDB 5.5.62, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3277: MariaDB 10.2.19
CVE-2018-3251: MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3200: MariaDB 10.2.19
CVE-2018-3185: MariaDB 10.2.19
CVE-2018-3174: MariaDB 5.5.62, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3173: MariaDB 10.2.19
CVE-2018-3162: MariaDB 10.2.19
CVE-2018-3156: MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3143: MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
Comment 1 Brian Evans (RETIRED) gentoo-dev 2018-11-19 14:39:43 UTC
@ Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource-starved machines (each test thread can spawn up to 4 server instances).

Target keywords:
=dev-db/mariadb-10.0.37 alpha amd64 arm ia64 ppc ppc64 x86
=dev-db/mariadb-10.1.37 alpha amd64 arm ia64 ppc ppc64 x86


# Official test instructions:
# USE='extraengine perl server' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mariadb-10.0.37.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Brian Evans (RETIRED) gentoo-dev 2018-11-19 17:54:54 UTC
Updated list to include 10.3.11. These are the versions where the vulnerability is fixed in a series. Unlisted series are not affected.

CVE-2018-3284: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3282: MariaDB 5.5.62, MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3277: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3251: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3200: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3185: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3174: MariaDB 5.5.62, MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3173: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3162: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3156: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3143: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
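The list above encodes a per-series rule: a CVE applies to an installed MariaDB only if that version's series (major.minor) is listed for the CVE and the installed version is below the listed fix; a series not listed is not affected. The following triage helper is an added example, not code from the bug report or from Gentoo's tooling; it transcribes the list from this comment into a table, parses it, and reports which CVEs still apply to a given version string. The version strings passed to it (10.1.36, 5.5.61, 10.2.18) are constructed inputs for illustration, and the parser assumes plain dotted upstream versions with an optional Portage "-rN" revision suffix.

```python
"""Triage helper: which CVEs from this bug still apply to an installed MariaDB?

Added example, not part of the bug report or of Gentoo's tooling.  The fixed-version
table is transcribed from Comment 2 of bug 670388; the rule implemented is the one
stated there: unlisted series are not affected, listed series are affected below the fix.
"""
import re
from typing import Dict, List, Optional, Tuple

# Transcribed from Comment 2: first version in each series that fixes the CVE.
FIXED_IN_TEXT = """\
CVE-2018-3284: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3282: MariaDB 5.5.62, MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3277: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3251: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3200: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3185: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3174: MariaDB 5.5.62, MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3173: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3162: MariaDB 10.3.11, MariaDB 10.2.19
CVE-2018-3156: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
CVE-2018-3143: MariaDB 10.3.11, MariaDB 10.2.19, MariaDB 10.1.37, MariaDB 10.0.37
"""

Version = Tuple[int, ...]
Series = Tuple[int, int]


def parse_version(text: str) -> Version:
    """Turn '10.1.36' or a Portage-style '10.0.37-r0' into a comparable tuple.

    The '-rN' suffix is a Gentoo ebuild revision, not an upstream release, so it is
    dropped before comparing against upstream fix versions.
    """
    base = text.strip().split("-r")[0]
    return tuple(int(part) for part in base.split("."))


def series_of(version: Version) -> Series:
    """MariaDB series is major.minor (5.5, 10.0, 10.1, ...)."""
    return version[0], version[1]


def parse_fixed_list(text: str) -> Dict[str, Dict[Series, Version]]:
    """Map CVE id -> {series -> first fixed version in that series}."""
    fixed: Dict[str, Dict[Series, Version]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        cve, _, rest = line.partition(":")
        per_series: Dict[Series, Version] = {}
        for match in re.finditer(r"MariaDB\s+(\d+(?:\.\d+)+)", rest):
            fix = parse_version(match.group(1))
            per_series[series_of(fix)] = fix
        fixed[cve.strip()] = per_series
    return fixed


def affected_cves(installed: str,
                  fixed: Optional[Dict[str, Dict[Series, Version]]] = None) -> List[str]:
    """Return the sorted CVE ids that still apply to `installed`.

    A series that is not listed for a CVE is treated as unaffected (as the bug states);
    a listed series is affected only while the installed version is below the fix.
    """
    if fixed is None:
        fixed = parse_fixed_list(FIXED_IN_TEXT)
    version = parse_version(installed)
    hits = []
    for cve, per_series in fixed.items():
        fix = per_series.get(series_of(version))
        if fix is not None and version < fix:
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for sample in ("10.1.36", "10.1.37", "5.5.61", "10.2.18", "10.0.37-r0"):
        print(f"{sample:>12}: {affected_cves(sample) or 'not affected'}")
```

The helper is deliberately limited to the rule the bug states; it does not know about distribution backports, so a host patched by other means would still be reported as affected, which is the conservative answer for triage.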
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-20 01:43:05 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-11-20 12:45:36 UTC
amd64 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 09:47:41 UTC
arm stable
Comment 6 Larry the Git Cow gentoo-dev 2018-11-28 16:05:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31e42179dcfdd7ed47eea22a11fac9cb8fb1346b

commit 31e42179dcfdd7ed47eea22a11fac9cb8fb1346b
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2018-11-28 16:04:23 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2018-11-28 16:04:38 +0000

    dev-db/mariadb-10.0.37-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/670388
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-db/mariadb/mariadb-10.0.37.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-28 23:18:17 UTC
ia64 stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-06 13:37:40 UTC
alpha stable
Comment 9 Brian Evans (RETIRED) gentoo-dev 2019-05-15 13:25:31 UTC
dev-db/mariadb-10.0.37 removed from stable list as 10.0 is obsolete and due to be removed
Comment 10 Agostino Sarubbo gentoo-dev 2019-06-04 19:02:08 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2019-07-02 10:37:08 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Larry the Git Cow gentoo-dev 2019-07-02 12:27:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f3c8590c1c8bb857c79d1b06c638aed58c64b92

commit 6f3c8590c1c8bb857c79d1b06c638aed58c64b92
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2019-07-02 12:27:37 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2019-07-02 12:27:37 +0000

    dev-db/mariadb: Clean up old and vulnerable versions
    
    Bug: https://bugs.gentoo.org/679024
    Bug: https://bugs.gentoo.org/670388
    Package-Manager: Portage-2.3.68, Repoman-2.3.16
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-db/mariadb/Manifest               |   7 -
 dev-db/mariadb/mariadb-10.1.34.ebuild | 887 -------------------------------
 dev-db/mariadb/mariadb-10.1.37.ebuild | 887 -------------------------------
 dev-db/mariadb/mariadb-10.2.24.ebuild | 972 ---------------------------------
 dev-db/mariadb/mariadb-10.3.13.ebuild | 973 ---------------------------------
 dev-db/mariadb/mariadb-10.3.15.ebuild | 974 ----------------------------------
 dev-db/mariadb/mariadb-5.5.63.ebuild  | 831 -----------------------------
 7 files changed, 5531 deletions(-)
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2019-08-18 02:29:59 UTC
This issue was resolved and addressed in
 GLSA 201908-24 at https://security.gentoo.org/glsa/201908-24
by GLSA coordinator Aaron Bauman (b-man).